nerdexam
(ISC)2

CISSP · Question #355

What capability would typically be included in a commercially available software package designed for access control?

The correct answer is A. Password encryption. Access control software packages are designed to manage and protect authentication credentials, with password encryption being a core and standard capability included in such solutions.

Submitted by salim_om· Mar 5, 2026Identity and Access Management

Question

What capability would typically be included in a commercially available software package designed for access control?

Options

  • APassword encryption
  • BFile encryption
  • CSource library control
  • DFile authentication

How the community answered

(38 responses)
  • A
    89% (34)
  • B
    3% (1)
  • C
    3% (1)
  • D
    5% (2)

Why each option

Access control software packages are designed to manage and protect authentication credentials, with password encryption being a core and standard capability included in such solutions.

APassword encryptionCorrect

Password encryption is a fundamental capability of access control software because these packages must securely store and transmit user credentials to authenticate identities and grant or deny access. Encrypting passwords prevents unauthorized disclosure if the credential store is compromised. This is a universally expected feature in commercial access control products, aligning with security best practices such as hashing and salting stored passwords.

BFile encryption

File encryption is a capability associated with data protection or rights management software, not specifically with access control packages, which focus on identity and authentication rather than encrypting data at rest.

CSource library control

Source library control is a feature of software configuration management (SCM) or version control systems, which manage code repositories and change tracking, and is unrelated to access control software functionality.

DFile authentication

File authentication (verifying file integrity or origin) is a feature of integrity-checking or digital signature tools, not a standard capability bundled within commercial access control software packages.

Concept tested: Core capabilities of access control software packages

Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Topics

#Access control systems#Password security#Credential protection#Authentication mechanisms

Community Discussion

No community discussion yet for this question.

Full CISSP Practice